This phone is kinda diehard. Thanks to dirtycow and free time, now I have root on this phone. But only shell root access.
Code:
255|[email protected]:/ # id
uid=0(root) gid=0(root) groups=1003(graphics),1004(input),1007(log),1009(mount),1011(adb),1015(sdcard_rw),1028(sdcard_r),3001(net_bt_admin),3002(net_bt),3003(inet),3006(net_bw_stats) context=u:r:runas:s0
[email protected]:/ # mount -o remount,rw /system
mount: Operation not permitted
There are custom bootloaders, is there a way install them directly from the phone? All the info I got is fancy app/gui. There is no hardcore docs on how to gain the full root access or flash the bootloader.
I have access to the /cache partition. I also have access to the /cache/delta/boot_delta.bin (looks like it is encrypted), I can reboot to the recovery menu and pass commands into /cache/recovery/command
I can use dd to dump whole flash (read access works). But dd doesn't work with /dev/block/ devices on write (it works without problems, but when you check actual content - it appeared to be unmodified at all). Is it a common write protection or something?
Also there is a FOTA partition. How can I determine which reboot command should I send to reboot to the fota recovery?
Related
So, nobody answered and I had to create this topic.
1) I have RC29
2) When I try to use the MOUNT command in pTerminal I ALWAYS get:
roootfs / rootfs ro 0 0
etc.
3) When I use
mount -o remount rw /system
I ALWAYS get:
mount: Operation not permitted.
4) When:
cd /system
cat /sdcard/recovery_testkeys.img > recovery.img
I ALWAYS get:
cannot create recovery.img: read-only file system
PS All files are there. The update's name is written right - update.zip. I've used pTerminal.
So, do I have the Root Access or not and am i doing smth wrong??
Appreciate any help\advices.
Thanks.
Have you tried doing this through the telnetd way?
BAD_BOY_KIEV said:
So, nobody answered and I had to create this topic.
1) I have RC29
2) When I try to use the MOUNT command in pTerminal I ALWAYS get:
roootfs / rootfs ro 0 0
etc.
3) When I use
mount -o remount rw /system
I ALWAYS get:
mount: Operation not permitted.
4) When:
cd /system
cat /sdcard/recovery_testkeys.img > recovery.img
I ALWAYS get:
cannot create recovery.img: read-only file system
PS All files are there. The update's name is written right - update.zip. I've used pTerminal.
So, do I have the Root Access or not and am i doing smth wrong??
Appreciate any help\advices.
Thanks.
Click to expand...
Click to collapse
You have to use the telnetd command first to exploit the root access. There are other threads that tell you how. Basically telnet into the phone then execute the commands.
If you look in your PM box. i sent you a link with step by step instructions yesterday!
Cannot root RC29 - read only file error
Hi,
I did it also thru Telnet but get the same message...any tips to root the phone? I am still sending that automatic SMS...
Thanks, M
Hi guys,
If any one getting error while remounting system partition in rw mode using adb, please follow these steps :
C:\Android\android-sdk-windows\tools> adb remount
remount failed: No such file or directory
SOLUTION:
Connect to your device usb adb: [FOR ROOTED DEVICES ONLY]
C:\Android\android-sdk-windows\tools> adb shell
$su
#mount -o remount,rw /dev/stl12 /system
(do your desired work like copy some files on system/media folder , then remount the system partition in ro mode again)
# cd /
#mount -o remount,ro /dev/stl12 /system
#exit
$exit
Thats all
FYI if you want to know the dev partitions mounted on your device :
C:\Android\android-sdk-windows\tools> adb shell
$ su
# mount
cheers
Did you map the other partitions by any chance? I'd like to be able to make a full backup to eventually be flashed back with Heimdall or ODIN. I already have a system.rfs (stock + root) that could be made in a tar image.
I've see tutorials for other Samsung phones but these need to be adapted to our exact setup. I haven't found anything generic enough to know how to go about mapping things.
It might also help those who flashed GT-S5660 ROMs on the Bell Canada GT-S5660M, as the screen brightness issues sound very much like kernel issues to me...
I can't quite tell what the difference is between stl and bml either. (I'll probably try dd'ing the different blocks, except stl5, and peek around with a hex editor...)
Goodbye,
Darkshado
I am locked out of my Nexus S due to a Force Close loop with Nfc.app caused by installing a non-working fix for the Google Wallet app on the T-Mobile (thanks Google!). I therefore can't run root explorer etc.
I am trying to remove Nfc.app using but get these errors:
Code:
$ rm /system/app/nfc.app
rm failed for /system/app/nfc.app, Read-only file system
$ remount
remount: permission denied
# mount -w -o remount /system
Usage: mount [-r] [-w] [-o options] [-t type] device directory
Any way I can get past the read-only error, and the failure of remount?
Boot in recovery and run adb shell. That'll give you root permissions and access to the file system.
Greetz
That gives me:
error: device not found
I am using stock recovery (because it was a soft ClockworkMod recovery and I can't get back into ROM manager to reflash it).
Flash recovery with fastboot.
Thanks but I get:
$ fastboot flash recovery clockwork.img
fastboot: permission denied
Doing it wrong. Read the guides to learn how to set up and use fastboot.
I tried but that's all I came up with. If you could type the line of command I need, I'd really appreciate it, and give thanks
frutelaken said:
Boot in recovery and run adb shell. That'll give you root permissions and access to the file system.
Greetz
Click to expand...
Click to collapse
adb shell only inherently grants root permissions on an insecure boot image. If he's stock, rooted he'll get the standard user prompt and have to request elevated privileges.
CJSnet said:
I am locked out of my Nexus S due to a Force Close loop with Nfc.app caused by installing a non-working fix for the Google Wallet app on the T-Mobile (thanks Google!). I therefore can't run root explorer etc.
I am trying to remove Nfc.app using but get these errors:
Code:
$ rm /system/app/nfc.app
rm failed for /system/app/nfc.app, Read-only file system
$ remount
remount: permission denied
# mount -w -o remount /system
Usage: mount [-r] [-w] [-o options] [-t type] device directory
Any way I can get past the read-only error, and the failure of remount?
Click to expand...
Click to collapse
No offense, but the Thanks Google is a bit snarky - they didn't provide for T-Mobile users and never distributed the APK to flash.
For something helpful though - go ahead and boot up normally. Grab a shell, su and remount /system manually
Code:
mount -o remount,rw /dev/mtdblock3 /system
You have to tell mount which partition to mount, it won't accept just a mount point.
Thanks, but how do I request elevated privileges? E.g. I get this:
$ mount -o remount,rw /dev/mtdblock3 /system
mount: Operation not permitted
And this:
$ fastboot OEM unlock
fastboot: permission denied
Seems I can't do anything from the $ prompt.
PS: My snark at Google was for releasing a fragmented product that was not available to T-Mobile in the first place, hence these problems with the cracked version.
CJSnet said:
Thanks, but how do I request elevated privileges? E.g. I get this:
$ mount -o remount,rw /dev/mtdblock3 /system
mount: Operation not permitted
And this:
$ fastboot OEM unlock
fastboot: permission denied
Seems I can't do anything from the $ prompt.
PS: My snark at Google was for releasing a fragmented product that was not available to T-Mobile in the first place, hence these problems with the cracked version.
Click to expand...
Click to collapse
Are you rooted - if so then su prior to issuing the mount command?
If not, Is the bootloader current unlocked? You don't use fastboot from the device shell. Fastboot is a command line utility used from your local computer to operate on the device when it is in the boot loader.
Bootloader was already unlocked.
I solved it:
Rebooted into fastboot mode by holding volume up and power
On computer navigated to folder containing fastboot and put the clockwork.img in there
Typed fastboot flash recovery clockwork.img
I now have CWM recovery back, thanks.
Hi,all, I just get start with Nexus 5. can anybody tell me what the problem? follow with the command I input in windows shell.
K:\N5\ROOT>adb shell
[email protected]:/ $ su
su
[email protected]:/ # mount -o remount system /system
mount -o remount system /system
mount: Permission denied
255|[email protected]:/ #
Anyone on this?
Cheers!
su
mount -o remount,rw /system
However this only works if you have a custom "insecure" kernel that allows adb to do root things.
Sent from my Nexus 5 using Tapatalk
Thanks for the reply!
So, I will write my story here, hopefully to help some other guy in the future!
Basically I was on debug build from AOSP for the N5! And I installed all proprietary files from Google, LG, Qualcomm etc! But camera was faulty! So I decided to flash the stock images from Google! Then I 've lost
Code:
adb root
So I flashed the boot image from the debug build I had previously!
adb root works like charm!
to flash it, I used: fastboot flash boot boot.img
I tried
mount -o rw,remount /system/
But
mount: '/system/' not in /proc/mounts
system-as-root = system is mounted as /, not /system
Permissions are fine.
DavidxxxD said:
system-as-root = system is mounted as /, not /system
Permissions are fine.
Click to expand...
Click to collapse
I can't write to / still
Are you root?
What is output of
Bash:
id
Bash:
su -c mount -o remount,rw /
Also try this to find out more
Bash:
mount | grep "/ "
DavidxxxD said:
Are you root?
What is output of
Bash:
id
Bash:
su -c mount -o remount,rw /
Also try this to find out more
Bash:
mount | grep "/ "
Click to expand...
Click to collapse
Bash:
berlna:/ $ id
uid=2000(shell) gid=2000(shell) groups=2000(shell),1004(input),1007(log),1011(adb),1015(sdcard_rw),1028(sdcard_r),1078(ext_data_rw),1079(ext_obb_rw),3001(net_bt_admin),3002(net_bt),3003(inet),3006(net_bw_stats),3009(readproc),3011(uhid),3012 context=u:r:shell:s0
Bash:
berlna:/ $ su -c mount -o remount,rw /
'/dev/block/dm-8' is read-only
Bash:
berlna:/ $ mount | grep "/ "
/dev/block/dm-8 on / type ext4 (ro,seclabel,relatime,discard)
And yes I have root
I've never seen this output from trying to remount. Could be a permanent read-only attribute somewhere. /dev/block/dm-8 looks like your system is on an encrypted partition, this could have something to do with the error. You can try using the busybox version of mount command. Also, does your device have a super partition? That could explain it.
DavidxxxD said:
I've never seen this output from trying to remount. Could be a permanent read-only attribute somewhere. /dev/block/dm-8 looks like your system is on an encrypted partition, this could have something to do with the error. You can try using the busybox version of mount command. Also, does your device have a super partition? That could explain it.
Click to expand...
Click to collapse
This is the same error i also face in oneplus os12 and yes my dev dm-x also is ro even after root
Its super.img and also i try with busybox
But useless
The only way now i can see is unpack backup super
Unpack edit repack and flash back
But its not possible for me
Rewriting the super partition every time, seems to be the only way in your case.
The lpflash tools are used to work with super partitions.
I've attatched a statically linked 64-bit ARM version that can run on the device, built from this source.
Extract the system image using
Bash:
./lpunpack -p system super.img
Note: This can also be run directly on the block device, it only reads.
From there, you can modify the system and add it to a super image (the firmware usually has sparse ones that need to be decompressed first). You could also flash the new system image directly via fastbootd mode.
Note: Ignore any "invaild sparse header" messages from fastboot.
Don't flash unsparse images on Samsung devices! They will not like it!
Hope this is helpful.
DavidxxxD said:
Rewriting the super partition every time, seems to be the only way in your case.
The lpflash tools are used to work with super partitions.
I've attatched a statically linked 64-bit ARM version that can run on the device, built from this source.
Extract the system image using
Bash:
./lpunpack -p system super.img
Note: This can also be run directly on the block device, it only reads.
From there, you can modify the system and add it to a super image (the firmware usually has sparse ones that need to be decompressed first). You could also flash the new system image directly via fastbootd mode.
Note: Ignore any "invaild sparse header" messages from fastboot.
Don't flash unsparse images on Samsung devices! They will not like it!
Hope this is helpful.
Click to expand...
Click to collapse
Its a super.img thx